Fortunately, on July 7, MOVEit Transfer released a security patch, a software update that fixes vulnerabilities and enhances system security, effectively addressing the critical-severity SQL injection bug that had been exploited by the hackers.
According to the security bulletin issued by Progress Software Corp, a SQL injection vulnerability was discovered in the web application of MOVEit Transfer. This flaw allowed unauthorized access to the database, potentially enabling an attacker without valid credentials to manipulate and extract sensitive information from a business’s MOVEit Transfer database.
In this case, the Clop ransomware gang allegedly discovered a previously unknown vulnerability, employing specially crafted webshells, or pieces of code that enable remote control of compromised servers. By dropping these webshells onto vulnerable servers, the Clop gang allegedly gained unauthorized access and initiated a sequence of illicit actions.
This type of attack could lead to unauthorized modification and disclosure of the database's contents.
In response to feedback received from customers, the company announced the introduction of a regular Service Pack program for MOVEit products, including MOVEit Transfer and MOVEit Automation. These Service Packs are designed to offer customers a predictable, straightforward, and transparent process for receiving both product and security fixes.
Remaining vigilant, promptly installing software updates, and implementing robust security practices are essential for mitigating the risks posed by such cyber threats. By staying informed and proactive, organizations can fortify their defenses and protect themselves from the potentially devastating consequences of a breach.